C-Suite Cybersecurity Sign-off Hinges on Customer Trust, Digital Opps

Omdia's Maxine Holt says cybersecurity practitioners need to emphasize their role in growing the business, not just preventing breaches.

Maxine Holt on stage at the Omdia summit
Source: Dan Raywood

BLACK HAT USA – Las Vegas – Wednesday, Aug. 9 – Security teams looking to justify more cyber investment to the powers that be have good arguments to make these days: They can, for instance, make the case that realizing digital opportunities requires cybersecurity hardening and that, more and more, customer trust hinges on having a strong cybersecurity focus.

Speaking at the Omdia Analyst Summit at the Black Hat conference in Las Vegas, Omdia senior analyst Maxine Holt acknowledged that organizations struggle to invest in remaining secure, compliant, and resilient, particularly with new attack techniques developing and increased volumes of attempted breaches, along with staffing shortages.

Yet, "organizations must be continuously available [to customers] despite these security challenges," she said. "They must also be available to take advantage of digital opportunities."

She added that when it comes to making the case for additional investment, "it's kind of a carrot and a stick thing: The sticks are the cyberattacks, and the carrots are the digital opportunities that can help an organization better service customers."

Be the Most Trusted Entity for All

Holt said organizations want to avoid being the subject of the next headline and want to be trusted by their customers and partners, as well as anywhere else that they engage. She said there should be a Golden Rule consideration: Deal with data on others as you would expect others to deal with data held about you.

"Our organizations want to be trusted, whether you're private, whether you're public, whether you're for profit or not," Holt said. She cited Walmart as an example, adding that the retail giant has invested millions of dollars in cybersecurity over the past decade and, as a result, is now pitching itself as the world's most trusted retailer. Not the most secure, she stressed, but the most trusted.

Another consideration here is that organizations are still looking to get a return on their security investment, and this is part of embracing more digital opportunities. Holt said that owners commonly believe that their organizations are secure, and cybersecurity is viewed as a commodity. However, some departments are making the case that it's impossible to go after digital transformation without a corresponding focus on cybersecurity. "We are seeing more organizations look for a return on their security investment to build the case for more investment in cybersecurity," she explained.

Holt said the best outcome for a return on security investment is when there are no incidents or breaches, but this rarely gets the CFO excited. "Innovation is the opportunity," Holt said, "and the investment in security could result in the organization being more competitive in the market."

An Evolution to Continuous Cybersecurity

Holt concluded by saying that in order to be effective, cybersecurity must evolve from a tick-the-box approach into a more continuous management of the cyber environment — but that implementing that realistically takes C-suite buy-in, so security teams need to start advocating for what they need.

"The organization must pay close attention because resilience is a business objective," Holt said, "and you cannot have business resilience without a balance of security resilience."

Holt said that by positioning cybersecurity as a key component of managing and sustaining the organization's growth, it could come to be seen as a core component of the business — one that supports customers, and the delivery of products and services.

"An organization cannot survive without basic solid cybersecurity," Holt said. "It can't thrive without a strong focus on cybersecurity; it is a key component of managing and sustaining the organization."


About the Author(s)

Dan Raywood, Senior Editor, Dark Reading

With more than 20 years' experience in B2B journalism, including 12 years covering cybersecurity, Dan Raywood brings a wealth of experience and information security knowledge to the table. He has covered everything from the rise of APTs, nation-state hackers, and hacktivists, to data breaches and the increase in government regulation to better protect citizens and hold businesses to account. Dan is based in the U.K., and when not working, he spends his time stopping his cats from walking over his keyboard and worrying about the (Tottenham) Spurs’ next match.
